Is Cloudflare Tunnel safe (privacy focused)?

No. Using solely Cloudflare is not truly privacy safe.

However, here is a brief recap of what happens, and then what a tunnel is and how it SHOULD be used.

When you write "new to self hosting" I will automatically assume you have set up a server in your own perimeter (home address), and are looking into using Cloudflare ONLY to provide a publicly reachable interface, so you can reach your Nextcloud from anywhere.

All your data resides on your Nextcloud in your home. So far so good. You should ALWAYS use HTTPS, where the TLS traffic terminates at your own premises (on your own network). For this to be possible, there are three options, of which two are considered truly trustworthy:

1:
Reverse proxy with TLS termination (can be Letsencrypt), proxying through a VPN tunnel to your on-premise Nextcloud webserver, also set up with TLS (self-signed). NOT truly privacy trustworthy.

2:
Reverse proxy with SSL passthrough through a VPN tunnel to your on-premise Nextcloud webserver, set up with TLS (can be Letsencrypt). Considered truly privacy trustworthy.

3:
Cloudflare tunnel using pure TCP port forwarding over the VPN you set up is even better. And this setup is even simpler than a reverse proxy. Considered truly privacy trustworthy.

With option 2 - and especially 3 - it does not matter at all which frontend service - Cloudflare or even Alibaba - you are using. Even less if you use a service like Letsencrypt, because it uses your on-premise Nextcloud webserver's own private key to identify you and ensure that there is no middleman trying to disguise itself as you.

So to recap and answer: your question, as you ask it, makes sense, but the essence does not. It actually depends on how you choose to configure Cloudflare. The only thing that matters is that you do not terminate the TLS on the Cloudflare end of your infrastructure.
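An added check for the point above (example code, not part of the original answer and not Cloudflare's or Nextcloud's own tooling): compare the certificate the public hostname presents to clients with the certificate installed on the home origin. If the SHA-256 fingerprints match, the origin's own key is answering and TLS terminates on your premises; if they differ, something in front is terminating TLS. `ORIGIN_CERT_PATH` is a placeholder, and the two sample PEM blobs are constructed stand-ins for a local dry run.

```python
import base64
import hashlib
import ssl

# Assumption: placeholder path to the origin's own certificate file.
ORIGIN_CERT_PATH = "/path/to/your/origin/fullchain.pem"


def first_pem_cert(text: str) -> str:
    """Return the first certificate block (a fullchain.pem holds several)."""
    begin = "-----BEGIN CERTIFICATE-----"
    end = "-----END CERTIFICATE-----"
    start = text.index(begin)
    stop = text.index(end, start) + len(end)
    return text[start:stop] + "\n"


def fingerprint_pem(pem: str) -> str:
    """SHA-256 over the DER bytes, the value `openssl x509 -sha256 -fingerprint` shows."""
    der = ssl.PEM_cert_to_DER_cert(first_pem_cert(pem))
    return hashlib.sha256(der).hexdigest()


def fetch_presented_pem(hostname: str, port: int = 443) -> str:
    """Certificate the public hostname actually serves to a TLS client."""
    return ssl.get_server_certificate((hostname, port))


def classify_termination(presented_pem: str, origin_pem: str) -> str:
    """'origin' = your own cert is served, so TLS ends at home;
    'intermediary' = a different cert is served, so TLS ends in front of you."""
    if fingerprint_pem(presented_pem) == fingerprint_pem(origin_pem):
        return "origin"
    return "intermediary"


def _fake_pem(payload: bytes) -> str:
    """Constructed stand-in: PEM_cert_to_DER_cert only base64-decodes the body."""
    body = base64.encodebytes(payload).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"


ORIGIN_PEM = _fake_pem(b"constructed on-premise Nextcloud certificate")
EDGE_PEM = _fake_pem(b"constructed certificate minted by an edge proxy")

if __name__ == "__main__":
    import sys
    with open(ORIGIN_CERT_PATH) as f:
        print(classify_termination(fetch_presented_pem(sys.argv[1]), f.read()))
```

Re-run the check after every certificate renewal, since the origin fingerprint changes with each new Letsencrypt certificate.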
